Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

After the iPhone encryption battle between Apple and the FBI, Apple was inspired to work toward making an unhackable future iPhones by implementing stronger security measures even the company can’t hack.

Even at that point the company hired one of the key developers of Signal — one of the world’s most secure, encrypted messaging apps — its core security team to achieve this goal.

But it seems like Apple has taken something of a backward step.

Apple deliberately weakens Backup Encryption For iOS 10

With the latest update of its iPhone operating system, it seems the company might have made a big blunder that directly affects its users’ security and privacy.

Apple has downgraded the hashing algorithm for iOS 10 from "PBKDF2 SHA-1 with 10,000 iterations" to "plain SHA256 with a single iteration," potentially allowing attackers to brute-force the password via a standard desktop computer processor.

In iOS 9 and prior versions back to iOS 4, PBKDF2 function generates the final crypto key using a pseudorandom function (PRF) 10,000 times (password iterations), which dramatically increases authentication process time and makes dictionary or brute-force attacks less effective.

Now Bruteforce 2,500 times Faster than earlier iOS Versions

Moscow-based Russian firm ElcomSoft, who discovered this weakness that is centered around local password-protected iTunes backups, pointed out that Apple has betrayed its users by deliberately downgrading its 6 years old effective encryption to SHA256 with just one iteration.

Therefore, a hacker only requires to try a single password once and brute force to find a match and crack the account login, making the entire process substantially less time consuming.

"We discovered an alternative password verification mechanism added to iOS 10 backups. We looked into it and found out that the new mechanism skips certain security checks, allowing us to try passwords approximately 2500 times faster compared to the old mechanism used in iOS 9 and older," Oleg Afonin from Elcomsoft wrote in a blog post today.
Yes, that’s right. With iOS 10, it’s possible for an attacker to brute force the password for a user’s local backup 2,500 faster than was possible on iOS 9, using a computer with an Intel Core i5 CPU (with 6 million passwords per second).

However, an obvious limitation to this attack is that it can’t be performed remotely.

Since the weakness is specific to password-protected local backups on iOS 10, a hacker would require access to your device’s local backup, where the iPhone files are stored.

Elcomsoft is a well-known Russian forensics company that, like market leader Cellebrite, makes money by selling a kit that can hack into iPhones for the purpose of rooting around a target’s device.

The Elcomsoft’s kit was believed to have been used in The Fappening (or ‘Celebgate’) hack, where hackers exposed celebrities’ nude pictures in 2014 by hacking into the Apple iCloud and Gmail accounts of more than 300 victims.